ouch/inspircd
2
0
Fork 0
mirror of https://github.com/inspircd/inspircd.git synced 2025-03-09 10:39:02 -04:00
Code Issues Packages Projects Releases Wiki Activity

Scope the container SSL enforcement a bit better.

Browse Source
This commit is contained in:
Sadie Powell 2025-03-02 13:06:35 +00:00
parent 42afdfd072
commit 9c15165021
1 changed files with 11 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
src/modules/m_spanningtree/server.cpp
View File

@ -37,10 +37,18 @@
namespace namespace
{ {
bool RunningInContainer() bool IsContainerAddress(const irc::sockets::sockaddrs& sa)
{ {
std::error_code ec; std::error_code ec;
return std::filesystem::is_regular_file("/.dockerenv", ec); if (std::filesystem::is_regular_file("/.dockerenv", ec))
{
// We are running in docker, check for internal addresses.
if (irc::sockets::cidr_mask("172.17.0.0/16").match(sa))
return true; // docker0
if (irc::sockets::cidr_mask("172.18.0.0/16").match(sa))
return true; // docker_gwbridge.
}
return false;
} }
} }
@ -150,7 +158,7 @@ std::shared_ptr<Link> TreeSocket::AuthRemote(const CommandBase::Params& params)
ssliohook->GetCiphersuite(ciphersuite); ssliohook->GetCiphersuite(ciphersuite);
ServerInstance->SNO.WriteToSnoMask('l', "Negotiated ciphersuite {} on link {}", ciphersuite, x->Name); ServerInstance->SNO.WriteToSnoMask('l', "Negotiated ciphersuite {} on link {}", ciphersuite, x->Name);
} }
else if (!capab->remotesa.is_local() && !RunningInContainer()) else if (!capab->remotesa.is_local() && !IsContainerAddress(capab->remotesa))
{ {
this->SendError("Non-local server connections MUST be linked with SSL!"); this->SendError("Non-local server connections MUST be linked with SSL!");
return nullptr; return nullptr;